Challenge Handshake Authentication Protocol (CHAP)
CHAP, as its name implies, implements a form of authentication that requires a challenge and a response. A CHAP authenticator challenges its client peer with its CHAP name and a random string. The client must transform this random string with a computation algorithm and a CHAP secret key. It then returns the result with its own name. The challenger evaluates the reply with its own copy of the secret key. Then it forwards a success or failure acknowledgment. In summary, CHAP is a three-way handshake consisting of a challenge, a response, and an acknowledgment.
[Figure: CHAP packets when host A is the authenticator.]
The challenge, response, and response computation are all built into PPP software. Users need to supply a CHAP name and a secret key known by both endpoints of the PPP connection. As long as both endpoints use the same keys, a CHAP reply matches what the CHAP challenger expects. The important security characteristic of CHAP is that PPP endpoints never send keys in plain text over the PPP connection. CHAP can extend the list of cryptographically one-way functions used for computing the CHAP response. When PPP endpoints negotiate CHAP authentication, an LCP Configure-Request packet carries the authentication protocol 0x023 option.
After PPP endpoints agree to use CHAP authentication, the CHAP packets they exchange include four different messages, distinguished by different codes: Challenge, Response, Success, and Failure.
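The three-way handshake and the four message codes described above, as an added example that is not part of the original page: both endpoints are simulated in one process, using MD5 over Identifier, secret, and challenge (the one-way function RFC 1994 defines for CHAP). The name hostB, the secret values, and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

# Message codes defined for CHAP in RFC 1994.
CHALLENGE, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4

def chap_md5(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """One-way function: MD5(Identifier || secret || challenge value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def pack_value(code: int, ident: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response layout: Code, Identifier, Length, Value-Size, Value, Name."""
    length = 5 + len(value) + len(name)
    return struct.pack("!BBHB", code, ident, length, len(value)) + value + name

def unpack_value(packet: bytes):
    """Parse a Challenge/Response packet, rejecting inconsistent length fields."""
    if len(packet) < 5:
        raise ValueError("truncated CHAP packet")
    code, ident, length, vsize = struct.unpack("!BBHB", packet[:5])
    if length != len(packet) or vsize == 0 or 5 + vsize > length:
        raise ValueError("malformed CHAP packet")
    return code, ident, packet[5:5 + vsize], packet[5 + vsize:]

def handshake(secrets_db: dict, peer_name: bytes, peer_secret: bytes):
    """Run the three-way handshake; return (final code, packets seen on the wire)."""
    # 1. Authenticator (hostA) sends its name and a fresh random challenge.
    ident, challenge = os.urandom(1)[0], os.urandom(16)
    wire = [pack_value(CHALLENGE, ident, challenge, b"hostA")]
    # 2. Peer hashes the challenge with its secret and replies with its own name.
    _, pid, value, _ = unpack_value(wire[0])
    wire.append(pack_value(RESPONSE, pid, chap_md5(pid, peer_secret, value), peer_name))
    # 3. Authenticator recomputes the hash from its own copy of the secret.
    code, rid, digest, name = unpack_value(wire[1])
    secret = secrets_db.get(name)
    ok = (code == RESPONSE and rid == ident and secret is not None
          and hmac.compare_digest(digest, chap_md5(ident, secret, challenge)))
    wire.append(struct.pack("!BBH", SUCCESS if ok else FAILURE, ident, 4))
    return wire[2][0], wire

if __name__ == "__main__":
    db = {b"hostB": b"constructed-shared-secret"}  # constructed sample values
    print(handshake(db, b"hostB", b"constructed-shared-secret")[0])
    print(handshake(db, b"hostB", b"wrong-secret")[0])
```

Because the challenge is random per handshake, a captured Response is not valid against a later Challenge, and the comparison uses `hmac.compare_digest` so the check runs in constant time.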